2[00:00:48] <ratrace> martigan: it's the same file.
99-sysctl.conf is a symlink
3[00:03:47] <martigan> ratrace, ty. For future reference how
can you tell if a file is a symlink? So in this case it would be
better to modify the original file as the symlink will point to it
right?
7[00:05:08] <martigan> 2nd Q: Is using UFW to add firewall
rules for a vpn kill switch as good as making them with iptables
directly?
8[00:05:14] <ratrace> it doesn't matter which one you
give to your editor, it's the same file. by default at least,
on debian. you can see it's a symlink by running ls -l
/etc/syctl.d or test it directly file /etc/sysctl.d/99-sysctl.conf
17[00:10:46] <martigan> I'm trying to add rules to drop
all traffic outside of my vpn if my vpn drops. Some tutorials
i've found use iptables directly and some use ufw. I get that
ufw is a wrapper for iptables, so in that case rules set with ufw
will be in ip tables as I understand it. I see what you mean using
file to check if it's a symlink. thanks for that.
25[00:15:53] <jaakkos> martigan: sounds like you could add a
rule that drops all traffic on the physical interface unless
it's targeted to the VPN gateway, and always have that rule
enabled
30[00:17:37] <jaakkos> martigan: I've never used ufw so
can't answer your question, but I'd be interested in
knowing what kind of rules you're planning to use
31[00:18:38] <karlpinc> oxek: Makes sense to me. You can file a
bug report. The install manual says where in it's "about
this manual" section.
37[00:26:26] <martigan> jaakkos: That's my plan, just drop
anything that's not headed for tun0 (vpn if). Iptables looks
kinda complicated for rookie like me but ufw seems to do it in just
a couple of commands. paste.debian.net/1115167/
38[00:27:48] <jaakkos> martigan: well... the iptables rule is
about: iptables -I OUTPUT -o ethX ! -d $VPN_GW_ADDRESS -j DROP
40[00:29:58] <jaakkos> martigan: this would be better: iptables
-P OUTPUT DROP; iptables -I OUTPUT -o ethX -d $VPN_GW_ADDRESS -p udp
--dport $VPN_PORT -j ACCEPT
41[00:31:14] <jaakkos> martigan: I don't really know ufw
but the rule you pasted looks like it wouldn't let VPN client
to communicate with the VPN gateway
42[00:32:08] <jaakkos> martigan: my example assumes your
physical interface was ethX and VPN uses UDP protocol talking to
$VPN_GW_ADDRESS:$VPN_PORT
44[00:34:44] <martigan> ya i'm tracking. ty. I'm
about to try some of these out. I'm using openvpn, you mean it
wouldn't allow it to communicate before tun0 was opened by
openvpn?
56[00:39:40] <jaakkos> martigan: tun0 is just for communicating
between OpenVPN client (a program on your computer) and other
programs on your computer
57[00:39:56] *** Quits: karakedi (~eAC53C340@replaced-ip) (Remote host closed the connection)
58[00:40:07] <oxek> karlpinc: is sending an email the only way
of reporting a bug in debian?
63[00:41:33] <martigan> jaakos: I think I get what you're
saying. I'm reading through the iptables man page rn to figure
what you gave me does then i'm going to give it a try. This is
the tut on ufw where I got the idea for ufw.
replaced-url
74[00:44:53] <jaakkos> (in the usual case :) I'm
simplifying by saying things like physical interface - depends on
how complicated your network setup otherwise is)
76[00:46:16] <jaakkos> martigan: so what you want is let
programs talk freely to tun0 but only let very specific traffic to
go out from the physical interface
87[00:51:09] <trek00> well, if you need i more fine grained
policy you could select a list of users allowed to connect via eth0
and a list of users allowed to connect via tun0
89[00:51:50] <trek00> this setup is more common with tor, where
you would allow only one user to connect via tun0
90[00:51:53] <Aebian> hi guys, for some reason my dns server (a
debian buster) no longer follows the default gateway 10.0.0.1 and
thefore doesn't get any internet. Any idea where I can look to
find out why? No route to host is a commen error I see. However
other debian devices on the network work just fine
91[00:52:40] <trek00> Aebian: what is the output of?
/sbin/route -n
92[00:53:26] <Aebian> uh
93[00:53:27] <Aebian> 0.0.0.0 10.0.0.2 0.0.0.0 UG 202 0 0 eth0
94[00:53:32] <Aebian> that is an issue
95[00:53:47] <Aebian> 0.0.0.0 should point to 10.0.0.1
96[00:53:49] <Aebian> I guess
97[00:54:14] <trek00> yes, if 10.0.0.1 is your gw
98[00:54:23] <ratrace> yeah. how is that set up, dhcp? you have
some dhcp server collision in that network?
108[00:56:08] <jaakkos> martigan: the instructions you pasted
suggest first connecting OpenVPN, and only then applying the ufw
rules
109[00:56:14] <trek00> Aebian: may be you can fix with: ifdown
eth0 && ifup eth0
110[00:56:23] <jaakkos> martigan: I'm fairly certain ufw
does something like "iptables -A INPUT -m conntrack --ctstate
RELATED,ESTABLISHED" by default
111[00:56:28] <Aebian> I already restarted the whole debian box
112[00:56:44] <Aebian> no change hmmm
113[00:56:55] <jaakkos> martigan: ... -j ACCEPT, to that rule
114[00:57:03] <trek00> Aebian: may be there is some conflicting
file inside /etc/network/interfaces.d ?
115[00:57:09] <jaakkos> martigan: this means among other things
that existing connections will not be affected by the firewall rules
that will be applied when you run the script
116[00:57:21] <ratrace> Aebian: also, side note, better bind
those eths to their MACs, to avoid bios ordering hiccups
118[00:57:45] <jaakkos> martigan: ... because the rules
wouldn't allow any other traffic than via tun0. But the
existing VPN connection won't be blocked, because you started
it *before* you applied the rules
119[00:57:56] <Aebian> /etc/network/interfaces.d is empty
120[00:58:03] <ratrace> oh btw... multiple gateways? I
don't think that'd work
145[01:02:45] <ratrace> Aebian: though I'm not 100% sure of
that. "default gateway" is the gateway for all traffic not
specifically routed, so there really can be only one
146[01:03:05] *** Quits: preview (~quassel@replaced-ip) (Remote host closed the connection)
154[01:04:47] <ratrace> NetGirl: you're talking about
"usrmerge" where /bin and /usr/bin are merged (into the
latter, the former being a symlink to it), and equally for /sbin and
/usr/sbin
160[01:06:00] <ratrace> NetGirl: and yeah the reason they were
separate are ancient dogmas, so usrmerge is there to remedy that.
it's decided that /usr/ shold be the target of the merge
161[01:06:42] <ratrace> trek00: one shoudl though. if you have
multiple installations and some are upgrades, you get non-homogenous
installations and that's gonna cause bugs
162[01:06:43] <martigan> jaakkos, that makes sense. Thank you a
ton man for explaining this. I'm reading through the man page
still looking at your commands. If those ufw commands allow any
already established connections that would not be ideal. I
don't know anything about firewalls or iptables. Literally
nothing. I need to pick up a book or spend a day on youtube.
163[01:07:28] <trek00> ratrace: i never installed with usrmerge
and never got a bug, but i have always luck :)
164[01:07:54] <ratrace> trek00: if you installed fresh buster,
you got usr merged. if you upgraded from stretch, you might need to
run usrmerge
166[01:08:22] <trek00> ratrace: fresh buster installation, with
separate /usr partition
167[01:08:37] <ratrace> the bugs that hit ME were assumptions
that /usr/bin is the real dir, and testing worked on freshly
installed staging systems. production failed on systems that were
upgraded. :(
168[01:08:58] <ratrace> trek00: so your usr is merged. /bin is a
symlink to /usr/bin no?
176[01:11:26] <martigan> And firewall rules aren't
permanent by default it would appear. So if I wreck this playing
with it I should be fine after a reboot ya?
177[01:11:36] <ratrace> trek00: btw why do you separate /usr?
any special reason?
178[01:11:43] <trek00> ratrace: i don't know, but really
happy that my old setup is still running fine :)
179[01:12:02] <jaakkos> martigan: yeah. btw if ufw is installed,
it may be that it generates a bunch of rules by default that will
interfere with your own iptables efforts
180[01:12:11] <ratrace> trek00: old setup or fresh installed
buster?
186[01:13:39] <ratrace> trek00: is there some special config
setup required with systemd for separate /usr? systemd doesn't
support it out of the box iirc
187[01:13:58] <trek00> ratrace: i don't know, i'm
still using sysv sorry :)
188[01:15:05] <trek00> ratrace: but i remember that systemd was
mounting /usr shortly after / and before any other partition
189[01:15:19] <Aebian> well to be fair the following command
fixed my issue: sudo ip route add default via 10.0.0.2 & sudo ip
route delete default via 10.0.0.2 as long as I don't restart
the networking service. If I do that it gets reverted to 10.0.0.2. I
wonder where he pulls that info from then
197[01:16:27] <jaakkos> martigan: but there is a shortcoming in
the rule that I pasted - it is possible for programs to send
unencrypted traffic to the VPN gateway address itself (but nowhere
else)
205[01:17:45] <ratrace> Aebian: you should really need just one
gateway. that's the IP where packets are framed for, typically
for LAN/WAN boundary, ie. "the way out of LAN".
206[01:17:49] <Aebian> ratrace: I added a default to 10.0.0.1
(the gw and that what should be used) and deleted the present
default to 10.0.0.2
213[01:19:22] <ratrace> you mean you will _comment_ them out :)
214[01:19:30] <Aebian> yeah sorry
215[01:19:34] <trek00> Aebian: you should configure only one
gateway in you interfaces file
216[01:19:45] <ratrace> Aebian: try it, I'm curious now.
I'd say that it should work just fine with that ONE gateway
entry in interfaces file, for 10.0.0.1
221[01:22:22] <Aebian> commented them out, restarted a dozen
times, works fine. Commented them back in, restarted a dozen times
as well, also default gw 10.0.0.1 is active and used. all fine now
as well
222[01:22:48] <Aebian> only thing I havent done is a full system
restart
223[01:22:55] <ratrace> Aebian: you still have that add default
& delete default ?
224[01:23:07] <Aebian> well I haven't executed it
225[01:23:22] <Aebian> so no didn't change it after I
commented back in
226[01:23:33] <Aebian> works like it worked before
227[01:23:40] <Aebian> which is weird
228[01:23:53] <Aebian> I'll do a full sys restart to see if
that breaks things
229[01:24:26] <Aebian> ip route before the restart
replaced-url
230[01:24:30] <ratrace> Aebian: yea but make sure you have only
one gateway entry. mutliple gateways make no sense.
234[01:27:23] <ratrace> Aebian: you'll see that the routing
table is already set as it should be, eg. packets destined for
10.145.50.x/24 will be routed through eth2. packets destined for
10.145.20.x/24 through eth1, and packets destined for 10.0.0.x/24
through eth0. packets for any other subnet will go through the
gateway 10.0.0.1 unless you specifically route their subnet through
a NIC
237[01:28:08] <Aebian> buthow does eth2 know which is his
default gw if I set it static?
238[01:28:18] <ratrace> Aebian: default gateway == send packets
through this IP when no route is known
239[01:28:24] <Aebian> ah
240[01:28:39] <Aebian> so the gateway thing is just the
universal catch all
241[01:28:39] <ratrace> Aebian: there is no such thing as
"his default gw" for nics. default gw is only one,
"route packets through here, when no routing is known"
247[01:29:39] <jaakkos> martigan: to fix that, you could use the
'mark' option in openvpn config to mark encrypted packets
for iptables, then modify the iptables rule: "iptables -I
OUTPUT -o ethX -d $VPN_GW_ADDRESS -p udp --dport $VPN_PORT -m mark
--mark $MARK -j ACCEPT"
249[01:31:04] <jaakkos> martigan: people here recommended also
filtering by openvpn user, could do that with -m owner --uid-owner.
But openvpn client runs as root so it's not very nice.
250[01:32:47] <ratrace> martigan: "And firewall rules
aren't permanent by default" they are if you set up
through ufw. playing with iptables command direclty isn't
permanent unless you install something like iptables-persistent and
it dumps the rules through /etc/iptables/rules.v4 (and .v6 for ipv6)
251[01:32:58] <trek00> Aebian: the weird behavior come from your
broken setup and parallel interface setup during boot: each time it
setup an interfaces it rewrite the default gateway, but with
parallel startup sometimes the last interface is the one with the
right gateway and sometimes not; on older systems ifupdown was used,
that start sequentially the interfaces and then the last gateway was
always setup
268[01:38:45] <martigan> jaakos: Ya, that would be a problem, I
mean it's not really a problem, at this point I don't do
anything really sensitive, but the reason I'm learning how to
do this is to disallow *anything* leaving me unencrypted. Looking at
openvpn config and the mark option and mark in the iptables man
page.
269[01:39:00] <trek00> ratrace: ip route is the second link
270[01:39:10] <ratrace> oh, right.
271[01:39:23] *** Quits: Guest_55 (2fde6e70@replaced-ip) (Remote host closed the connection)
272[01:39:24] <ratrace> it still shows last config.
273[01:39:30] <trek00> ratrace: may be there is a systectl
command to regenerate interfaces?
274[01:39:53] <ratrace> systemctl restart networking.service but
that just does ifdown & ifup
275[01:40:03] *** PretendMatter is now known as gesturr
276[01:40:11] <ratrace> Aebian: so question, you don't any
systemd-networkd configs there too?
277[01:40:15] <jaakkos> martigan: you should keep in mind that
your machine is going to give out information about itself on the L2
network ("local area network")
278[01:40:26] <jaakkos> martigan: such as MAC address and
possibly hostname
279[01:40:36] <ratrace> Aebian: and when you say
"restarted" do you mean reboot, or you restarted some
service?
284[01:42:22] <ratrace> Aebian: if you restarted the whole
server, how does it know about gateways that are no longer in the
interfaces file, but WHERE before reboot? are you sure you
don't have som eother setup messing stuff up? like another
rootfs or some nfs somethign... those are VMs, right?
285[01:42:40] <ratrace> Aebian: also, no systemd-networkd
settings?
286[01:43:04] *** gesturr is now known as PretendMatter
298[01:44:58] <jaakkos> martigan: right, if you omit that rule
(note that your LAN subnet may be different from the example), you
won't be able to talk on LAN either
302[01:45:57] <ratrace> Aebian: so that's now nearing the
twilight zone.... you sure your VM is not restoring rootfs from a
snapshot or something like that?
303[01:46:01] <martigan> Also VPN port is different and I was
told to use TCP over UDP.
304[01:46:03] <jaakkos> martigan: hostname is leaked by dhcp
client yeah, MAC address is leaked no matter what unless you change
it before you connect on L2
305[01:46:12] <ratrace> Aebian: is that Debian proper or some
derivative that's doing gods know what?
306[01:46:44] <jaakkos> martigan: dhcp client uses raw sockets
so even though it's UDP, you can't catch it with iptables
353[01:51:46] <martigan> jaakkos: I use a random MAC always so
no issue there. And for the time being I'm on my LAN so
I'm not concerned with it. Just my traffic going out into the
world.
354[01:51:53] <jaakkos> martigan: the linuxconfig article seems
quite sloppy. First of all, net.ipv4.ip_forward=1 is not needed for
anything here and will make your configuration less secure
358[01:52:19] <trek00> Aebian: it seems /etc/network/interfaces
is not read at all
359[01:52:48] <Aebian> that's weird
360[01:52:50] <jaakkos> martigan: "-A OUTPUT -o lo -j
ACCEPT" is a good idea though.
361[01:52:59] <martigan> jaakkos: I kinda thought that, I have
used it before when playing around with middling traffic in my house
and didn't see the reason for it here.
362[01:53:01] <jaakkos> martigan: the DNS part is only relevant
if you don't get DNS over VPN
363[01:53:04] <ratrace> Aebian: no network-manager or something
like that?
364[01:53:10] <jaakkos> and you do I'm sure
365[01:53:39] <martigan> I'm using ipvanish and I'm
pretty sure it's over VPN.
366[01:53:39] <trek00> found a similar issue
replaced-url
367[01:53:39] <jaakkos> martigan: though if VPN config specifies
VPN GW as DNS name instead of IP address, you will need working DNS
before you can connect
368[01:53:46] <ratrace> Aebian: oh also... please check
/etc/initramfs-tools/{initramfs.conf,conf.d/*} if something is
forcing network config through initramfs
369[01:54:51] <ratrace> trek00: though look at the ip route
output, those gateways have different metric, so that per se is no
ta problem, that first gateway being 10.0.0.2 is
430[02:10:44] <trek00> setuid: you should add the module to
/etc/modules and rebuild initramfs, but you can also build a bigger
initrd or with a selected list modifying
/etc/initramfs-tools/initramfs.conf
436[02:12:49] <setuid> trek00: I've done all of that, by
overwriting the in-tree foo.ko with the dkms version of foo.ko, and
it boots, but kernel crashes because the module is tainted
445[02:14:48] <trek00> Aebian: or rgrep '10\.0\.0\.2'
/
446[02:15:12] <setuid> So I'm thinking I need to add the
module to initrd.gz as a dkms module, not by overwriting the in-tree
module, causing the taint and crash
447[02:16:13] * jordila for a small (almost) personal VPS (Apache
& PHP + some Nodejs)... i'm willing to try Debian testing,
as can be seen performing quite solid in my laptop
457[02:21:51] <trek00> setuid: you said you ovverwritten
458[02:21:56] <trek00> ops
459[02:22:01] <setuid> trek00: I take the original
netboot's initrd, unpack it, replace in-tree foo.ko with
vendor's foo.ko module built against the same kernel with dkms.
460[02:22:13] <Aebian> trek00: gues what, updated to buster,
issue gone.
461[02:22:17] *** Quits: Krennic (~Krennic@replaced-ip) (Quit: Lost terminal)
468[02:23:10] <Aebian> now it is on buster and seems resolved.
Honestly I still loved to use your regrep search thogh
469[02:23:21] <Aebian> thanks for all your help
470[02:23:23] <trek00> setuid: may be it has secure boot
enabled?
471[02:23:27] <teclo> hi there, I've done a clean install
of 10.1 and it works very well, I have writtent my new firewall
iptables script... I've put a symlink to it from
/etc/network/if-pre-up.d/ ... but it's not executed at boot
time. Some tutorial says I should put the script in /etc/rc.local,
but here in 10.1 I see no /etc/rc.local and I'm not sure I
should create a rc.local (pehaps there is no rc.local because of
systemd)
474[02:24:52] <trek00> setuid: the dkms module has a different
name from the one shipped with default kernel, right?
475[02:25:00] <setuid> It does not, no.
476[02:25:21] <Gerowen> Cut her "Power on to login screen
visible" down to 1:08 by disabling the option in "Sign in
Options" that says something like, "Use my credentials to
automatically log in and restart my apps".
657[04:49:35] <rue_shop1> hi, new install of buster, trying to
compile freecad: apt-get build-dep freecad; apt-get source freecad;
cd freecad-0.16+dfsg2/src; cmake . == Unknown CMake command
"generate_from_xml". THE SOURCE PACKAGE APPEARS TO BE
BROKEN?
658[04:49:45] *** Quits: dtux (~dmtucker@replaced-ip) (Remote host closed the connection)
670[04:54:48] <themill> I'd love it if we could stop going
on about the source package being broken, since it quite clearly
isn't, and instead ask how to fix the problem. Building it with
the correct command is more likely to work, after all
671[04:54:48] *** Quits: rda-mac (~rda-mac@replaced-ip) (Remote host closed the connection)
694[05:03:51] *** Quits: Prints (~333@replaced-ip) (Quit: deadlightbulb.com)
695[05:04:04] <jvava> I can not turn off screensaver, I had
tried xset, xscreensaver, but both not work, it is debian buster,
please help
696[05:04:09] <themill> rue_shop1: I have no idea where
you're getting these ideas from
697[05:04:21] <rue_shop1> jvava,
698[05:04:26] <themill> rue_shop1: none of this is what the
freecad documentation says, what the package does or what I'm
saying
699[05:04:27] <jvava> rue_shop1
700[05:04:40] <rue_shop1> jvava, xset s off dpms force on s
noblank s expose -dpms
701[05:04:52] <rue_shop1> I have it in a script called
turnthedamnscreensaversoffalready.sh
702[05:05:49] <rue_shop1> try to find a CMakeLists.txt
703[05:05:58] <crestfallen> I can't get my buster to
install. I tried 3 versions now on
'firmware-included-10.1.0' somesuch. I tried to edit the
sources.list file precisely has the channel bot instructed me. then
a member suggesteed I look into editing the DNS nameserver listings,
but in the recovery shell I cannot install the
'resolvconf' program. I've worked 5 hours on trying
to install debian. irony is I'm writing you from my home
machine which I
704[05:05:58] <crestfallen> upgraded from stretch and never had
a problem.
705[05:05:59] <rue_shop1> apparently its in the wrong place of
this project
706[05:06:06] <rue_shop1> ugh, wrong channel
707[05:06:13] <themill> rue_shop1: it's in an unusual
place, it is not in the wrong place
708[05:06:15] *** Joins: Prints (~333@replaced-ip)
709[05:06:40] <rue_shop1> I want to be working on my stm32 ADC
code
712[05:06:57] <rue_shop1> I'm apply half my brain to try to
help a guy compile freecad
713[05:07:12] <crestfallen> any suggestions?
714[05:07:20] <jvava> rue_shop1, I can't get your idea
715[05:07:21] <jvava> could you please show me your script?
716[05:07:22] <rue_shop1> "ou are both correct, hardly
surprising, what was happening was that I was pointing Cmake to the
wrong source directory, BUT ... the reason why is that there was no
CMakeLists.txt in the correct directory.... an"
717[05:07:23] <jvava> rue_shop1, more
turnthedamnscreensaversoffalready.sh
718[05:07:40] <rue_shop1> jvava, xset s off dpms force on s
noblank s expose -dpms
719[05:07:53] <rue_shop1> ^^^ that command should turn off all
the stupid screensavers / layers
720[05:07:59] <crestfallen> its been a deep rabbit hole
741[05:12:50] <crestfallen> I'm not expecting to
troubleshoot. If there is something that I may be missing I hope to
be directed to it , where I can read up and try again tomorrow. :)
742[05:12:52] <rue_shop1> so the website compile instructions
are wrong
745[05:13:25] <crestfallen> I did all of the 'buster main
contrib non-free' lines in sources.list
746[05:14:33] <crestfallen> the debian bot gave a precise
entries for that file. though my buster system at home looks
different; that buster came via an upgrade
747[05:14:46] <crestfallen> *gave precise entries
748[05:17:06] <dvs> crestfallen, what was the name of the iso
you used for the install?
770[05:29:39] <crestfallen> I cannot add these two entries to
etc/resolconf : nameserver 8.8.4.4 nameserver 8.8.8.8 ok copy
that.that is sinking in dvs
771[05:29:55] <crestfallen> resolv.conf*
772[05:30:36] <crestfallen> ok yeah that makes sense so
it's hanging even worse then. :)
773[05:31:20] <dvs> you have to get it so that you can start
Debian without the install iso.
774[05:31:47] <crestfallen> right so anything I'm missing?
I've installed debian before happily
775[05:32:49] <dvs> I'd personally would not install the
Desktop GUI during the initial install if you are having trouble
starting it up.
776[05:32:51] <crestfallen> Cannot resolve deb.debian.org comes
up a lot. and missing Firmware error messages.
777[05:32:58] <dvs> OH!
778[05:33:24] <dvs> Missing deb.debian.org is serious. that is a
nameserver (or network) issue.
779[05:34:14] <crestfallen> yes so I was trying to use that
tutorial but it's arbitrary since I don't know if
that's my precise issue
780[05:35:13] <crestfallen> I work at a university with secure
networks
781[05:35:14] <dvs> Chances are that you just have to edit the
/etc/resolv.conf file with the proper nameservers
782[05:35:59] <dvs> secure networks could also be preventing you
from connecting to the Internet at large.
783[05:36:43] <crestfallen> one deb mirror is actually at uc
berkeley I think I used it to download
801[05:45:11] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
802[05:46:03] <crestfallen> dvs another hint is that I tried to
install antiX , a debian derivative, and I had the same types of
error messages cannot resolve deb.debian.org
826[05:58:27] <trek00> crestfallen: there are many terminal
emulators you can run from the graphical desktop if you need a
terminal
827[05:58:47] <crestfallen> sorry 8.8.4.4
828[05:59:36] <crestfallen> no I'm getting nowhere near the
graphical desktop . it hangs while booting with a blinking cursor at
the bottom with 'installing Gnome Settings' I believe
829[05:59:51] <trek00> ok
830[06:00:13] <crestfallen> 'installing Gnome
Settings' is the last thing listed above a blinking cursor
834[06:03:20] <crestfallen> trek00, did you see my post above
re: my attempt to install antiX, and getting similar error messages
read: 'cannot resolve deb.debian.org'
835[06:03:40] <trek00> crestfallen: to resolve you need to setup
your resolv.conf file
838[06:04:18] <crestfallen> I see, just with those nameserver
8.8.8.8 nameserver 8.8.4.4 ?
839[06:04:41] <trek00> crestfallen: yes, on two different rows
840[06:05:13] <trek00> crestfallen: you can also try booting
without graphic desktop, adding 'text' kernel command line
replaced-url
841[06:06:37] <crestfallen> ok get into a shell, create
/etc/resolv.conf file, and list those 2 nameservers on separate
lines. the recovery term should work? trek00
842[06:07:00] <trek00> crestfallen: try to ping goole.com
843[06:07:36] <crestfallen> excellent if that fails I'll
try second strategy at superuser.com . ok will do thanks kindly
trek00 dvs
844[06:07:51] <trek00> :)
845[06:08:05] *** Quits: Eloc (~Eloc@replaced-ip) (Remote host closed the connection)
883[07:03:27] <Kats99> pls help me this time. the for loop in
bash is behaving strange. for i in {1..$loop}; do echo $i done; why
does this print {1..5} instead of 1 2 3 4 5
884[07:04:04] <Kats99> and if i substitute 5 in place of $loop,
it works correctly
977[08:05:00] <setuid> Well, this isn't working. A bare
initrd with the in-tree module, boots but fails because of the
missing support in that module. I insert the out-of-tree module,
overwriting the in-tree module, re-pack the initrd, boot it and it
crashes just after unpacking.
997[08:16:34] <setuid> All I did was unpack the working
initrd.gz, ovewrite in-tree foo.ko with a vendor's out-of-tree
(dkms-built, for the same kernel) foo.ko, and repacked the initrd
back into a .gz
998[08:16:50] <setuid> Well, and updated etc/modules inside the
init, to load foo
999[08:17:08] <setuid> I know I'm missing some piece of
detail here, I'm just not sure what
1012[08:22:05] <noln> But really must be a cleaner way. Maybe put
the module somewhere in /etc for initramfs-tools to include it? then
update-initramfs -u
1025[08:24:49] <setuid> noln: this is a one-time deal, we
don't update kernels that often
1026[08:25:11] <setuid> This is just to get the box pxe booted,
once it's on the network, we can use the vendor's dkms
package and insert it into newer kernels
1027[08:28:07] <setuid> noln: I can't let initramfs-tools do
anything, because the box has no OS on it yet
1028[08:28:07] <setuid> I need the out-of-tree module inside the
netboot's initrd, so I can PXE boot it through Cobbler
1029[08:28:08] <trek00> setuid: update-initramfs should create
the initrd image for you
1030[08:28:08] <setuid> trek00: How does update-initramfs run
from pxe boot?
1031[08:28:08] <trek00> setuid: you should run on the machine
where you are creating the initrd
1032[08:28:08] <setuid> trek00: I have a piece of hardware
(actually, hundreds of them), with no OS on them at all.
1034[08:28:08] <trek00> setuid: where you build dkms module?
1035[08:28:08] <setuid> trek00: I've installed the same OS +
kernel in a VM, where I"m building the initrd, and
rsync'ing it over to the cobbler server
1036[08:28:08] <setuid> update-initramfs in that VM, does not
create an initrd.gz that I can use with cobbler to pxe boot
1037[08:28:34] <setuid> I need to create a netboot that contains
this module, so I can pxe boot the box with a working network
1045[08:34:26] <setuid> The initrd.img that update-initramfs
builds, only contains 1 file, "GenuineIntel.bin", but the
initrd in netboot, has hundreds of files (and is significantly
larger)
1046[08:35:23] <trek00> setuid: you should set MODULES=netboot to
/etc/initramfs-tools/initramfs.conf
1047[08:35:57] <trek00> setuid: check man initramfs.conf
1056[08:40:11] <noln> re: GenuineIntel, double-check with
lsinitramfs or another inspection method per <replaced-url
1057[08:40:26] <trek00> setuid: anyway if the initrd image is
correct, you should check if the dkms module is running fine on the
building machine, just to check if it can be loaded
1058[08:41:14] <setuid> trek00: I can't do that, because I
can't get the OS installed, without network, which the
missing/crashing module provides
1060[08:41:48] <setuid> Enabling the NIC using the module
I'm trying to inject, is what allows the install to complete
via pxe
1061[08:41:56] <trek00> setuid: you should try to modprobe the
module on the machine where you built that module
1062[08:42:05] <setuid> update-initramfs does _not_ build a
netboot initrd
1063[08:42:18] *** Quits: ilikeyou (uid389024@replaced-ip) (Quit: Connection closed for inactivity)
1064[08:42:30] <setuid> Yes, I can insmod/modprobe the module on
my VM, where I've built it, using dkms, and that works. modinfo
also confirms its the right module.
1065[08:42:37] <trek00> setuid: and check the last message of
noln it was for you i think
1067[08:42:57] <jelly> setuid: that file name sounds like
microcode, it's put as a special part of initramfs. Should be
able to get rid of it by remove intel-microcode package and
rebuilding.
1068[08:43:31] <setuid> jelly: So if I remove the intel-microcode
package from my VM, and re-run initramfs, it's going to build a
full netboot?
1069[08:43:37] <noln> why get rid of it? the inspection method
could be ignoring what comes after that
1070[08:44:01] <setuid> noln: It's a 7Mb initramfs, the
netboot initrd compressed is 49Mb
1071[08:44:05] <noln> The microcode and the normal initrd's
are concatenated to get the final initrd
1072[08:44:12] <setuid> I'd be surprised if they fit 49+ Mb
into < 7Mb
1073[08:44:13] <noln> ah ok
1074[08:44:14] <jelly> setuid: it's going to build the same
thing as before, just without microcode
1085[08:48:05] <setuid> Ok, removing the microcode package does
change the nature of the initrd.img, but it still doesn't
contain the module I need, and that module _is_ declared in
/etc/modules. I'll poke around... this whole process is a
nightmare of cobbled-together tools that don't work very well.
1086[08:48:49] <setuid> Ok, _now_ I've got it in the
initrd... needed it in /etc/initramfs-tools/modules
1100[08:56:24] <setuid> damnit... well, it didn't crash at
boot, but instead, dropped to initramfs prompt, couldn't find
most of the root fs in the netboot, /etc/fstab missing, /root/dev
missing, etc.
1116[09:07:06] <trek00> setuid: if you have done an initrd which
don't crash but drops to a shell, probably you need to copy
some init file, but they should already copied
1117[09:07:25] <trek00> bibble: you could use backports too
1146[09:18:28] <ratrace> setuid: can you tl;dr your issue? I just
ran through the scrollback and it's something about custom
initramfs?
1147[09:18:34] <setuid> oops, yubi... so update-initramfs omits
the init= value, so it can't complete a boot
1148[09:19:12] <setuid> ratrace: I have a working, bootable
initrd, which cobbler happily hands to my hardware over pxe boot.
But that default initrd, lacks the module needed to bring up the
NIC.
1150[09:19:32] <setuid> So I have a dkms version of the module
which I built in an identical version of the OS + kernel in a VM.
1151[09:19:48] <ratrace> setuid: and now you want to put it in
the intramfs?
1152[09:19:51] <setuid> I've injected that module into the
unpacked initrd, and re-packed it
1153[09:20:20] <setuid> ratrace: just want a clean, working
initramfs/initrd, with the out-of-tree dkms module in it, so I can
complete the pxe boot and install
1157[09:22:00] <ratrace> setuid: well there's two things you
can do, if this was a regular boot, I don't know how
cobbler/pxe fit into it. You can write a simple initramfs-tools hook
in which you copy your module in, and you add it to the list of
modules to forcefully load up.
1158[09:22:02] <jelly> setuid: you could get the netboot image
for 10.1 release, make sure you have the same kernel, build and plug
your module in that?
1162[09:23:51] <ratrace> well, that's kinda what I do on my
systems, as I don't use cryptsetup-initramfs, and instead have
a custom hook that pulls in the crypto modules.
1164[09:24:48] <ratrace> setuid: you can look up any
/usr/share/initramfs-tools/hooks/* for an example, and unfortunately
I'm now aware of a detailed guide how to construct these, I
just copypasted cryptoroot's default hooks and modified to my
needs reading source
1165[09:24:52] <setuid> They're pulled into the initramfs by
/etc/initramfs-tools/modules, which is fine... but there's
something missing, it's not building a working init
1169[09:25:54] <ratrace> okay if it's just modules and no
userland components to that?
1170[09:26:20] <setuid> ratrace: this is just a simple netboot
install, but I need the NIC module to complete the install
1171[09:27:22] <setuid> Going to try something else
1172[09:27:36] <setuid> I can't believe this is so
difficult; I've been trying to figure this out for over 10 days
1173[09:27:44] <setuid> I tried repacking the install iso, that
didn't work
1174[09:27:57] <ratrace> what's the module needed for, to
even begin pxe/netboot?
1175[09:28:07] <leden> setuid, did you read
replaced-url
1176[09:28:11] <setuid> I mean, I can unpack squashfs, put the
modules in it, all that works, but the initial boot doesn't
include the module, because the iso's initramfs doesn't
include it
1179[09:28:25] <setuid> But the resulting install _from_ that
booted ISO, does have the right module laid out on disk
1180[09:28:34] <b_and_w> im a newbie to shell scripting. i just
wrote my very first shell script.
1181[09:28:46] <setuid> leden: I don't need any custom
firmware
1182[09:28:52] <b_and_w> i have barely a month's experience
with linux, so im still learning. I have a question: is there a
difference between a batch file and a script?
1183[09:29:08] *** Quits: dionysus69 (~Thunderbi@replaced-ip) (Remote host closed the connection)
1193[09:31:42] <setuid> Fundamentally, no, there is a minimal
difference. Both execute commands line-by-line. The mechanism they
are executed, differs (mostly by the executed interpreter called to
run those commands)
1194[09:32:52] *** Quits: b_and_w (~michael@replaced-ip) (Quit: Lost terminal)
1200[09:35:28] <setuid> noln: I have no idea. If I use
'update-initramfs -c -k $(uname -r) -b .' and then take
that initramfs that is made, along with /boot/vmlinuz-$(uname -r),
and ship those over to cobbler, it does boot, and gets to the point
where it tries to mount /sys, /proc, /dev, etc. and fails. "No
init found"
1215[09:39:02] <setuid> noln: The default netboot/initrd.gz boots
successfully, gets into the installer, and then fails because it
can't find network. So I started with that.
1217[09:39:43] <setuid> So I took that, unpacked it, then created
a new initramfs, unpacked that _over the top of_ the same tempdir
that I unpacked the netboot/initrd.gz into, combining both.
1218[09:39:56] <setuid> Then I repacked that into a new
initrd.gz, which now fails to boot, lacking init
1220[09:42:24] <trek00> setuid: have you tried to concatenate the
build initrd with dkms module to the initrd from netboot? zcat
yourinitrd.gz netboot/initrd.gz | gzip -9v newinitrd.gz
1221[09:43:23] <ratrace> that's exactly explained in the
link leden posted, for Jessie and above:
replaced-url
1222[09:43:28] *** Quits: [sID] (sid@replaced-ip) (Remote host closed the connection)
1403[11:29:46] <ratrace> disabled systemd services can still be
started as a dependency for something else, or by NM or some other
DE component. to truly disable it, one must "mask" the
service unit
1404[11:29:57] <tarzeau> diogenes_: why would i?
1405[11:30:14] <tarzeau> diogenes_: i'm using gnustep/wmaker
i don't like fd.o and desktop files, nor gnome, nor systemd
1406[11:30:39] <ratrace> tarzeau: I think that was for Wulf and
you were mistabbed :)
1422[11:39:59] <ratrace> Wulf: in case that fails too (because
all you can do is blacklist modprobe on boot, but it should still be
modprob-able manually or by a service, unless I'm mistaken),
you can systemctl mask bluez.service I think that's the service
name?
1423[11:40:26] <ratrace> that means you'll have to
unmask+start when you do want to use BT, and stop+mask again when
you don't
1540[12:54:55] <Wulf> I use ext4 + lvm on hardware raid and it
works for me. But I'm not an expert on these things.
1541[12:55:47] <Guest_76> Fair enough, thanks for chiming in,
trying to stay away from hw raid as i don't have
proper/interchangeable raid controllers :)
1552[13:02:29] <ratrace> Guest_76: Zfs works just fine on Debian
1553[13:02:37] <ratrace> Wulf: pls no FUD kthnxbai
1554[13:02:56] <Wulf> ratrace: I didn't say that it does not
work.
1555[13:03:13] <ratrace> Wulf: but you're spreading FUD with
that license nonsense
1556[13:03:24] <Wulf> ratrace: how is that nonsense?
1557[13:03:48] <ratrace> because it is. ZFS license does not
prevent it from being used and installed on debian systems. it does
not violate the kernel or any GPL or any other license
1558[13:04:07] <ratrace> it's also not proprietary code,
it's open source.
1582[13:07:43] <Wulf> Guest_76: looks like it's easily
installable on Debian.
1583[13:08:23] <ratrace> there's just one bug with
buster's packaging, it requires spl-dkms be installed _first_
and when zfsutils-linux fails on modprobe, it must be
modprobe'd manually and apt install resumed
1584[13:08:47] <Guest_76> ran into that bug on test install i
think :)
1620[13:36:57] <Erhu> if I have two debian distros on my sda ; is
it ok if I just create one SWAP since only one of them will be used
one-at-a-time. Is this ok
1668[13:52:36] <Erhu> what is the GTK ... apt-get install GTK
doesn't work, I tried apt-cache search GTK but too many .. have
anyone here installed GTK
1671[13:53:53] <ratrace> Erhu: that said, you almost never
install it directly, it's pulled in as a dependency, because as
you see there are several bindings and variants
1672[13:54:55] <Erhu> Geany said to install gtk first... but
didn't say how.
1692[13:58:29] <Erhu> how can I tell if I have stretch?
1693[13:58:29] <ratrace> you can easily upgrade to buster. and if
you're on devuan, then yeah, their next release, based on
buster, is nowhere in sight.
1694[13:58:44] <jelly> Erhu: lsb_release -sc
1695[13:59:04] <jelly> !debian suite
1696[13:59:05] <dpkg> cat /etc/debian_version (or lsb_release
-sc). Or check /etc/apt/sources.list. If unsure about the
distribution, $ cat /etc/{*version*,*release*,*issue*} should grab
almost all distributions.
1741[14:11:40] <n_1-c_k> ratrace, I have no auto update enabled
(that I know of!). I'm not sure it really is updating as there
is no change in the version number in help/about.
1742[14:11:42] <TomyWork> iirc, there was a command to
specifically mark one package version as bad and have the autoupdate
ignore it, but install the next one. I have a use case for that with
a 3rd-party package but I cannot remember the command.
1743[14:13:50] <n_1-c_k> ratrace, thanks for your responses. I do
suspect the 'update' is bogus as my bandwidth is so puny I
think I'd notice the download. But am unsure.
1744[14:13:56] <ratrace> n_1-c_k: are you sure you're not
runnign unattended-upgrades or something and FF updated (As it
recently upgraded from ESR-60 to ESR68) without you knowing?
1746[14:14:44] <ratrace> I ran into exactly that once,
that's how I saw that FF page for the first time. was testing
gnome and I didn't know it came in unattended-upgrades and FF
updated without me noticing
1747[14:14:53] <n_1-c_k> ratrace, unless unattended-upgrades has
installed itself, no, I've never run it.
1748[14:15:03] <ratrace> n_1-c_k: it is on GNOME installations
afaik
1770[14:20:15] <rander2> ratrace, so must I buy it from a
certification autority ?
1771[14:21:02] <rander2> is it possible use a free system or must
I buy it ?
1772[14:21:05] <n_1-c_k> I'm getting more sure that
it's a bogus message from Firefox. It often warns me of OCP(?)
errors that go away when I restart ff.
1773[14:21:19] <n_1-c_k> I hope it's nothing nefarious.
1774[14:21:46] <ratrace> rander2: you can use free certificates
from LetsEncrypt. Also some registries and CAs are offering free
options, like Comodo
1776[14:22:08] <ratrace> n_1-c_k: first thing I'd suspect in
that case is filesystem corruptions
1777[14:22:17] <rander2> ok
1778[14:22:43] <n_1-c_k> ratrace, oh that sounds bad. How does
one verify or correct such a thing?
1779[14:24:01] <ratrace> n_1-c_k: depends on the filesystem. you
can see if there are any hints of it in dmesg. you can run e2fsck
with the -c option (I think it might require unmounted filesystem
for that).
1780[14:24:10] *** Quits: Guest_76 (3d7dc027@replaced-ip) (Remote host closed the connection)
1781[14:24:12] <ratrace> that's for ext filesystems for
example
1792[14:30:58] <fighter_fish> hello running debian 10 on a VM. So
far everything ran fine, but once I was tinkering with open box and
accidentally messed up. So I fix my error and restart the VM,
however on boot I find I can't access the internet. What went
wrong? How does tinkering with my WM mess with my ethernet?
1795[14:32:18] <oiaohm> With modern day drives by the time file
system is showing badblocks you are really in big trouble because
the smart system on the drive has to have failed.
1796[14:32:33] <oiaohm> Or the cable to the drive has failed.
1806[14:42:57] <rander2> I'm configuring exim4 for sending
mail, the server is on a vps. I may send mail locally throught mutt
, but not from remote . How may I end mail using exim4 from vps
without enable mail spamming ?
1836[14:54:16] <rander2> ratrace, mutt and mail are 2 text client
locally in vps
1837[14:54:46] <ratrace> rander2: I'm just trying to
understand your question. "How may I end mail" .... what
do you mean by "end mail"?
1838[14:55:09] <ratrace> "end mail ... from vps without
enable ... spamming" what does that mean
1839[14:55:21] <greycat> If you're sending mail via a
command-line client like mailx which is reading from stdin, you end
the message the same way you *always* end tty stdin -- by pressing
Ctrl-D on a line by itself
1848[14:56:15] <greycat> rander2: paste for us the error message
you are seeing
1849[14:56:21] <ratrace> greycat: I don't think that was the
question, I think it's a language barrier... they probably mean
something else and i'm trying to figure out what
1850[14:56:36] <greycat> yeah, subsequent messages from this user
confirm that it's still very ambiguous
1864[15:02:01] *** OS-24787 is now known as typh0on
1865[15:03:13] <Shahnaz> any way to bind glusterfsd volumes to
internal ips only?
1866[15:03:27] <Shahnaz> per default its on *:49152
1867[15:03:52] <n_1-c_k> ratrace, oiaohm, thanks. I rebooted with
'fsck.mode=force' which found nothing, so I'll hope
for best and assume ff is playing tricks.
1889[15:09:52] <ratrace> rander2: by "local mailbox" I
mean... mailbox for delivery. "local" has other meaning
with MTAs (delivery to local system users' maildir/mailbox)
1890[15:10:34] <rander2> ratrace, I'm trying to send mail
from thunderbird, I haven't exim here, cause I'm in back a
NAT
1901[15:12:40] <teclo-> afternoon, I am a regular Debian
GNU/Linux user and I just clean-installed Debian 10.1 on a server...
I got a problem in screen and/or irssi: ctrl-n and ctrl-p for next
and previous channels work, but esc-1 or esc-2 or esc-3 do not bring
me to the 1st, 2nd, or 3rd channel... what is the next step ?
1902[15:12:44] <ratrace> rander2: I think your bad english
prevents you from having quality support here. either try google
translate or try your language specific channel. which language is
it?
2049[16:10:52] <rander2> I have a vps running exim4 , how can I
make exim accept mail from a different host, but with an existing
sender? He always tells me "relay not permitted"
2054[16:12:25] <revolutionary> Here is the apt connection view
2055[16:12:26] <revolutionary> 0% [Connecting to SOCKS5h proxy
(socks5h://127.0.0.1:9050)]
2056[16:12:29] <greycat> rander2: if you're trying to
RECEIVE mail (rather that pass it along, which is called
"relay"), you need to tell exim what your domains are. So
when exim receives a message that says "to
jonnie@your.domain", and "your.domain" is considered
local, exim will accept it and deliver it.
2060[16:13:53] <greycat> On the other hand, if you ARE trying to
relay mail (a -> b -> c and you are currently looking at b),
then that's a WHOLE different question and a whole lot harder
to answer.
2064[16:16:31] <rander2> greycat, I'm trying to relay mail
using exim as smtp , but with existing users on vps. In other worlds
to send mail without using local account on vps
2068[16:17:34] <rander2> classic relay mean send mail from
another doman
2069[16:17:52] <greycat> Conceptually, the issue is "how do
you know which message to relay, and which messages to reject".
2070[16:18:25] <greycat> In the good old days, you simply
accepted messages based on source IP addresses, because you were
relaying for the users in your corporate network.
2071[16:18:51] <rander2> greycat, to avoid spamming ralay is
disable, I must usa some type of smtp authentication , but I dont
know exactly how do this
2072[16:18:57] <greycat> But around 20 years ago, it became the
Cool Thing for people to work from home and shit, so now you
can't use IP addresses to judge which messages are allowed.
2073[16:19:26] <greycat> rander2: OK, good, at least you
understand what the issues are. If nobody here knows, then find an
exim channel.
2074[16:20:18] <lunchslut> anyone using ibus on 10.1? ive been
having issues switching input methods in Qt apps since updating to
stable. i have the same issue on multiple distinct machines
2075[16:20:45] <lunchslut> i havent been able to find any
relevant bug reports though and it works fine on oldstable
2076[16:20:50] *** Quits: utail_ (~travism@replaced-ip) (Quit: Lost terminal)
2077[16:21:39] <rander2> I must set up ssl/tls to authenticate
the sender user , but I dont know exacly
2092[16:27:27] <ratrace> oh wow I forgot about the userfriendly
cartoon!
2093[16:27:33] <aexl> greycat: i solved i by allowing stable
updates (xD) and also installing xdg-dbus-proxy and also upgrading
gir1.2-webkit2-4.0 and libwebkit2gtk-4.0-37
2094[16:27:38] <revolutionary> ohh ratrace how do you do?
2096[16:28:12] <rander2> all major mail provider as google ,
yahoo, for example , use this approach to avoid spamming and fake
mail sender. So my question isnt so strange
2097[16:28:35] <revolutionary> rander2 maybe you should use
SPF/DKIM
2098[16:29:01] <greycat> Nobody said your question was strange. I
said I don't know how to do it with exim. Ask the #exim channel
if nobody else here knows either.
2115[16:33:12] <petn-randall> hi, how do I find out by which
process a file is created? I tried inotifywait, but that
doesn't list the process doing the file access.
2129[16:38:47] <petn-randall> ratrace: I'm trying to give
fnotifystat a spin, but it's always just outputting
"Duration must be 0.5 or more." The man page does not
mention any duration.
2183[16:56:20] <webstrand> Is there a way to mark a package for
autoremoval? I've `apt-mark auto mlocate`, but `apt-get
autoremove` doesn't remove the package
2184[16:56:52] <greycat> why not simply remove it?
2186[16:57:08] <jelly> webstrand: autoremove won't remove
any package if some other Depends or Recommends on it
2187[16:57:09] <webstrand> Bascially, I want to queue up manually
installed packages for removal, then let apt figure out which
packages are still needed and which aren't
2188[16:57:27] <Habbie> webstrand, trying to explicitly remove it
may show you why it is not being autoremoved
2245[17:05:16] <dpkg> The release following Debian 10
"Buster" is codenamed "Bullseye" (Woody's
horse in Toy Story 2) and will be Debian 11. It is the current
"testing" release. Remember that straight after a stable
release, all sorts of mess suddenly lands in "testing" and
it is best avoided if you don't like debugging things.
replaced-url
2246[17:05:16] <greycat> how on earth can you work the word
"clean" into that sentence with a straight face
2266[17:09:19] <ratrace> greycat: you're missing that
it's a path mounted rw by systemd with all sorts of gotchas and
warnings
2267[17:09:20] <xormor> ratrace, "/dev/sda1 on /boot/efi
type vfat" this is some EFI. then there is the /boot in
"/dev/sda2", and then there is the efivars.
2290[17:16:36] *** Quits: breakout (~break@replaced-ip) (Remote host closed the connection)
2291[17:16:39] <greycat> What "issue"? That
"suggests" prevents autoremoval? That sounds eminently
sensible to me.
2292[17:16:39] <webstrand> `apt-mark showauto | grep mlocate`
shows that mlocate is marked auto
2293[17:17:54] <greycat> Maybe I'm slightly biased, because
I *completely* disable autoremove on my systems, but I would think
that the default behavior of autoremove (if it's to be
tolerated at all) should be *extraordinarily* conservative. Nothing
should be removed if there's even a *hint* that something might
want it.
2295[17:18:44] <annadane> yep should be pretty conservative
2296[17:18:44] <jhutchins_wk> If you use aptitude in menu mode
it's possible to go through and mark a selection of packages to
remove then remove them.
2297[17:18:57] <webstrand> But suggested packages /have/ to be
manually installed in the first place, right?
2298[17:19:03] <greycat> No.
2299[17:19:12] <revolutionary> jhutchins_wk which file i should
locate or edit?
2300[17:19:19] <greycat> apt has modes of operation where it
installs Suggests, or not.
2301[17:19:21] <revolutionary> i couldn't find file name on
that page
2304[17:23:27] <greycat> apt-get has the command-line option
--install-suggests and the doc points to config file item
APT::Install-Suggests as its parallel.
2305[17:23:42] <jhutchins_wk> revolutionary: That project
hasn't had a commit in over three years. If you installed it
from the debian repos, dpkg -L will show you what files it
installed, but I would think an un-maintained package that
doesn't have clear documentation and addresses something that
really isn't a real need might best be avoided.
2306[17:23:52] <annadane> only depends and recommends are
installed by default and you can --no-install-recommends if
you're really adventurous
2307[17:23:59] *** Quits: tagomago (~tagomago@replaced-ip) (Remote host closed the connection)
2308[17:24:26] <revolutionary> jhutchins_wk i will try now dpkg
-L
2309[17:24:26] <ratrace> I only install with
--no-install-recommends :) too opinionated for my taste.
2310[17:24:49] <annadane> not a bad approach. i'd probably
go crazy if i did it myself though
2312[17:25:19] <webstrand> Is there some way I can `apt-get
remove foo bar` where remove will skip package foo if it's a
dependency of another package?
2313[17:25:23] <jelly> it's a good approach if you
don't ask questions why stuff does not work, in here
2314[17:25:24] <ratrace> of course it sometimes has a point, but
things like smartmontools pulling in an entire MTA suite? nope nope
nope nope.
2316[17:26:06] <webstrand> I've been using autoremove, but I
know which packages I no longer need, I just don't know if
they're dependencies of other installed packages
2317[17:26:08] <greycat> webstrand: what are you actually trying
to do?
2318[17:26:08] <jelly> ratrace: install a tiny one like dma, or
you won't get mail when a disk fails
2319[17:26:36] <ratrace> jelly: I know and I don't want it
to send any emails.
2321[17:27:00] <webstrand> greycat: I'm trying to remove a
list of packages that I installed previously. But I don't want
to remove dependencies of other packages that I'm not
explicitly removing
2324[17:27:04] *** Quits: beaver (~beaver@replaced-ip) (Remote host closed the connection)
2325[17:27:08] *** Quits: wxb1 (~wxb3@replaced-ip) (Remote host closed the connection)
2326[17:27:20] <greycat> And this is a one-time thing? With a
finite list?
2327[17:27:23] <webstrand> yep
2328[17:27:31] <ov3rmind> hey guys please gimme some attemption,
oneof myfirst used distros is slackware butineed to beinvited to
join in this freenode channel, anyone can invite me please?
2329[17:27:37] <greycat> Just do "apt-get remove foo"
and if it says "I want to remove three things", say no,
and move on to the next one.
2330[17:27:51] <annadane> ov3rmind, i believe it's
##slackware
2331[17:28:04] <annadane> note the double number sign
2332[17:28:12] <ratrace> isnt there usually an autoredirect?
2357[17:31:44] <JordiGH> greycat: What makes you think my Firefox
crashes are related to dsa-4558?
2358[17:31:51] <greycat> what
2359[17:32:03] <swift110> lol greycat
2360[17:32:04] <ratrace> me too! then I was, like "what do
you mean there's no package manager!? what do you mean I have
to resolve deps myself!" and then it was removed, pronto
espresso schnell.
2361[17:32:06] <JordiGH> lol
2362[17:32:06] <JordiGH> <JordiGH> ratrace: I guess it just
took longer:
replaced-url
2363[17:32:08] <JordiGH> <greycat> Seems it's related
to
replaced-url
2364[17:32:14] <greycat> what makes you think anything I said
about a dsa was directed at you
2365[17:32:22] <ratrace> JordiGH: bet lost eh
2366[17:32:25] <greycat> that was a different discussion
2367[17:32:35] <JordiGH> greycat: The fact that you said it right
after I said it and you didn't address anyone.
2368[17:32:41] <JordiGH> That's what makes me think you were
talking to me.
2369[17:32:47] <JordiGH> It's a reasonable assumption to
make.
2370[17:33:08] <JordiGH> Especially since you said "even
though the package name isn't mentioned explicitly [in the
stack trace]".
2371[17:33:27] <JordiGH> ratrace: Yep. I should have insisted on
it.
2555[19:19:17] <dpkg> Ciao, vai su #debian-it per ricevere aiuto
in italiano. Italian Speakers: Please use #debian-it, there you will
get much more help.
2556[19:19:50] <tradar> !de
2557[19:19:50] <dpkg> Deutschsprachige Hilfe bekommt ihr in
#debian.de (auf irc.oftc.net, irc.freenode.net oder irc.belwue.de) -
German speaking users please go to #debian.de (on irc.oftc.net,
irc.freenode.net or irc.belwue.de).
2558[19:19:56] <tradar> ĸeĸ
2559[19:20:12] <luca> Grazie, sono qui solo per fare due
chiacchere su debian, sapete dove posso trovare un canale per
parlare con gli sviluppatori? Ho qualche idea in merito per
migliorarlo
2561[19:20:52] <lupulo> luca try to send an email to the package
which you want to improve
2562[19:21:08] <luca> Faccio computer per amici e collaboro con
un negozio dunque sono riuscito a ottimizzare l'interfaccia in
modo che sia userfriendly per tutti
2563[19:21:18] <luca> Basata su Xfce
2564[19:21:21] <lupulo> luca you could try to speak with the
mantainer of the package
2686[20:12:17] *** Quits: marsupapu (~marsupapu@replaced-ip) (Remote host closed the connection)
2687[20:14:00] *** Joins: mati (~mati@replaced-ip)
2688[20:14:10] <mati> Hi, I have a question regarding GRUB. I was
looking for an answer, but couldn't find it on Arch Wiki.
I've changed the resosution of GRUB ( in /etc/default/grub
GRUB_GFXMODE=) from auto to 1920x1080. Before the change, GRUB
loaded instantly but with 1080p resolution it loads from bottom to
top, if you know what I mean. Is there any way to mitigate/eliminate
this and make the loading faster?
2703[20:22:42] <mati> diogenes_: can't really do that,
because I have a custom theme. That's another reason why I
wanted to change the resolution to higher (I wanted the theme to
look good)
2704[20:23:53] <diogenes_> mati, and that's why it's
laggy, it has to do with framebuffer device.
2705[20:24:29] *** Quits: pringau (~pringau@replaced-ip) (Remote host closed the connection)
2706[20:24:33] <mati> diogenes_: So there isn't a way to
make the loading faster without lowering the resolution, right?
2742[20:34:14] <mati> diogenes_: I'll try on another
machine, though. My friend once tried to dual boot windows and linux
and he didn't manage to do it. He uses Arch and even Arch Wiki
says that this option is not recommended and it's better to go
with BIOS in that case
2758[20:38:46] <greycat> f8e3: if you installed an MTA, yes
2759[20:39:13] <f8e3> does MTA need to be a mail provider/hoster
or just custom setting-up?
2760[20:39:22] <greycat> !mta
2761[20:39:22] <dpkg> A Message/Mail Transfer Agent (MTA) is a
program that transfers e-mail in or out of a system, most often
using SMTP. An MTA is usually accessed by calling /usr/sbin/sendmail
and thus usually includes that binary. Therefore, in Debian, all
MTAs (<exim4>, <postfix>, <qmail>, <ssmtp>,
<nullmailer>, etc) mutually conflict. Ask me about <which
mta>, <mta comparison> and <why an mta>.
replaced-url
2794[21:00:21] *** Quits: dvs (~hibbard@replaced-ip) (Remote host closed the connection)
2795[21:00:49] *** Quits: aleksander (b22a0e75@replaced-ip) (Remote host closed the connection)
2796[21:01:09] *** Quits: platvoeten (~platvoete@replaced-ip) (Remote host closed the connection)
2797[21:01:15] <somiaj> I dual boot just fine with uefi (though
haven't tested secure boot), I just use the firmware to select
which efi file to boot from, not grub. I kinda hope bootloaders
become less common with uefi, since they aren't really needed
anymore
2798[21:01:32] <somiaj> though I guess they do allow you to have
multiple kernels easier, than having to put extra enteries into the
efi partition
2818[21:10:23] <greycat> If you do not have a working mail server
of your own, you'll probably have to relay your outgoing mail
through a smart host, typically using SMTP Authentication (name and
password) so the relay will permit you to use it.
2819[21:10:46] *** Quits: mati (~mati@replaced-ip) (Quit: Lost terminal)
2822[21:10:57] <dpkg> sSMTP is an extremely simple <MTA> to
get mail off the system to a mailhub. It does not receive mail,
expand aliases or manage a queue.
replaced-url
2825[21:12:26] <f8e3> do mean sth like sendgird/mailgun etc,
'smart host' i am very new, so i need sth else out there,
uff, not a simple setup then, yet unclear what
2835[21:27:06] *** Joins: dokma (~vlatko@replaced-ip)
2836[21:27:47] <dokma> So I cannot get systemd to leave my sshd
subprocecesses alive after logout. Did the usual KillMode=process
dance but no go.
2837[21:28:10] <dokma> TMux is the process that gets whacked but
I suppose that is not really relevant.
2838[21:28:30] <dokma> Is there any way to check if
KillMode=process is active in the current session?
2839[21:28:42] <petn-randall> f8e3: Setting up a mail server that
its mail will get accepted by 3rd parties is a larger undertaking
than setting up a web server. It needs experience and a lot of
fixing of small but annoying things.
2841[21:29:33] <greycat> dokma: are you saying that you do
something like ssh yourhost 'sleep 1111 >/dev/null
2>&1 &' and it dies after the ssh connection
terminates?
2842[21:29:52] <dokma> greycat: let me try that exact thing
2843[21:30:48] <dokma> greycat: hmmm... sleep remains running. So
it's something about tmux.
2844[21:31:19] <greycat> also for the record, Debian's
ssh.service already has KillMode=process
2845[21:31:38] <dokma> greycat: I know... I added it to the per
process service too
2846[21:31:56] <dokma> Now I'm wondering what is killing
tmux on logout...
2847[21:32:26] <f8e3> petn-randall yes i will refrain, and wait
for the next tech
2850[21:33:39] <petn-randall> f8e3: That's what
sendgrid/mailgun and others do: You pay them to take care of the
gritty details of successful mail delivery.
2851[21:35:37] <f8e3> my goal is to have a simple decentralized
setup far from data/censor silos
2852[21:35:39] <somiaj> and even if you do everything correct, if
you happen to get an ip that some spammer in the pass abused, you
still get your emails rejected by the big guys.
2858[21:37:04] <petn-randall> I've been running my own mail
server for several years now, and I just recently fixed an issue
that negatively affected delivery. Timewise it's better to
spend it elsewhere and pay someone. Unless you do it for fun and to
learn things.
2867[21:38:13] <greycat> Email *is* a decentralized peer to peer
messaging system that everyone uses ... in 1992.
2868[21:38:15] <f8e3> p2p message exchange: the decentralized
network queues the messages for y until received, you need to
whitelist senders, voila no spam since y can explictly balcklist
again
2879[21:41:28] <f8e3> it was never designed for scale, +
ecnrytped stuff pulumping is horrible (i guess); theresll be
aanother solution wihtin the next decade for sure
2880[21:41:36] <f8e3> these messaging apps are just a precursor
2895[21:47:05] <_DeLa_> Hi there! I have installed Zotero (replaced-url
2896[21:47:05] <_DeLa_> Now, updating Zotero from within the
software worked without root privileges, while updating Pycharm from
within the software forced me to use root privileges. How is this
possible!?
2897[21:47:44] <petn-randall> _DeLa_: I'm actually surprised
that you could install zotero without root, as /opt should only be
writable by root.
2908[21:52:07] <f8e3> to understand linux/debian whats the best
way to start from medium progermmer pov to get to know the
'system' ?
2909[21:52:53] <greycat> !handbook
2910[21:52:53] <dpkg> The Debian Administrator's Handbook is
at
replaced-url
2911[21:52:57] <mutante> f8e3: use it as your everyday desktop
2912[21:53:24] <tpo2> why is pulseaudio `netstat -anp|grep
pulseaudio` listening on all interfaces `tcp 0 0 0.0.0.0:45285
0.0.0.0:* LISTEN 1034/pulseaudio`?
2913[21:53:26] <petn-randall> f8e3: A fundamental problem of
every p2p messaging system will be spam.
2914[21:54:17] <petn-randall> f8e3: You can already just
whitelist people/servers with mail. You'll just have a serious
bootstrapping problem if someone wants to send you something that
you don't know yet.
2915[21:54:18] <f8e3> petn-randall i am willing to pay for each
message, imagine, spammers will pay me for sending me, making them
poor the receiver of spam rich, good deal
2925[21:58:52] <petn-randall> f8e3: Microsoft had a system where
you'd have to pay them money to send mail to anyone, like 15
years ago. I forgot how they called it. It failed because no one was
willing to pay MS for something that everyone could do for free.
2926[21:59:01] <amflir> I set my apt prefs like this. Why it
wants to upgrade to testing when I do apt-get dist-upgrade?
replaced-url
2927[21:59:23] <greycat> "prefs"...
2928[21:59:49] <greycat> "Pin". Gaaaahhh. Frankendebian
in progress.
2929[22:00:15] <greycat> petn-randall: I am just going to /ignore
this person now, so you don't have to be angry at me when I get
angry at them.
2930[22:00:33] <somiaj> !don't break debian
2931[22:00:33] <dpkg> well, dont break debian is
replaced-url
2932[22:00:34] <mutante> pay to send mail = LinkedIn business
model
2933[22:00:51] <somiaj> amflir: ^^ what you are doing will end
you up in a world of pain
2934[22:01:00] *** Quits: puxavida (~comptekki@replaced-ip) (Remote host closed the connection)
2941[22:02:44] <petn-randall> amflir: You should be mixing
several releases on a system, anyway. So even if your pinning would
work, you'd be breaking your system.
2942[22:03:00] <somiaj> s/should/should NOT/
2943[22:03:03] <amflir> somiaj, thanks for letting me know about
FrankenDebian. But I still like to know what is wrong with my apt
pins?
2975[22:11:29] *** Quits: Clarth (~Clarth@replaced-ip) (Remote host closed the connection)
2976[22:11:30] <amflir> petn-randall, nothing much. just comfort.
this is a PC and I like to be able to install whatever I want
without hassle until I break the system.
2977[22:11:40] *** Quits: His_Dudeness__ (~His_Duden@replaced-ip) (Remote host closed the connection)
2988[22:14:31] <dpkg> First, check for a backport on
<debian-backports>. If unavailable: 1) Add a deb-src line for
sid (not a deb line!); ask me about <deb-src sid> 2) enable
debian-backports (see <bdo>) 3) apt update; apt install
build-essential; apt build-dep packagename 4) apt -b source
packagename 5) dpkg -i packagename-ver.deb To change compilation
options, see <package recompile>; for versions newer than sid
see <uupdate>.
2992[22:20:22] <f8e3> petn-randall curcial miss and the consumer
is correct, why pay some centralized party if another with same
feature does it for free; miss is do it p2p + pay for mail = voila,
network is buffering, and the digital cash is some crypto-thingy
2994[22:20:36] <f8e3> i think were on to something here
2995[22:20:57] * f8e3 :D sure
2996[22:22:21] <petn-randall> amflir: Do as you wish. You should
just know that we don't support such a setup, so if anything
breaks, you get to keep all the pieces.
2997[22:23:08] <petn-randall> f8e3: Uuuh, you do your thing. Let
us know when you've implemented it.
3005[22:25:47] <greycat> ah, you're talking about the Debian
Administrator's Handbook. Well, there isn't a newer one.
And sure, there are some changes from 8 -> 9 -> 10, but most
things are basically similar.
3084[23:24:21] <GenTooMan> hmm I have a problem my kernel keeps
loading the dvb_usb_rtl28xxu module WHICH blocks me using rtl-sdr.
Since I don't have a DVB-T toy on my machine but an SDR based
on RTL any suggestions? I looked at the rtl-sdr and the suggestion
was modprobe -r dvb_usb_rtl28xxu but that just reports a
"can't do" (ran as root).
3121[23:45:41] <GenTooMan> petn-randall "modprobe: FATAL:
Module dvb_usb_rtl28xxu is in use" however I just tried GQRX
and nrsc5-gui and ... weird it works now, I wonder if the last
kernel update fixed the issue.